IT Security Newsletter - 4/29/2022
One of the most powerful DDoSes ever targets cryptocurrency platform
A cryptocurrency platform was recently on the receiving end of one of the biggest distributed denial-of-service attacks ever after threat actors bombarded it with 15.3 million requests, content delivery network Cloudflare said. DDoS attacks can be measured in several ways, including by the volume of data, the number of packets, or the number of requests sent each second. The current records are 3.4 terabits per second for volumetric DDoSes, which attempt to consume all bandwidth available to the target. READ MORE...
Russian hacktivists launch DDoS attacks on Romanian govt sites
The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service (DDoS) attacks targeting several public websites managed by state entities. The attack has been claimed by a pro-Russian group calling themselves Killnet. They targeted the servers hosting the public sites with a high number of requests or high volumes of data, essentially depleting their processing resources and causing them to become unavailable. READ MORE...
Cyberespionage APT Now Identified as Three Separate Actors
A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities actually comprises three subgroups, each with its own toolset and targets, that have been operating globally since 2018, researchers have found. TA410 is a cyberespionage umbrella group loosely linked to APT10, a group tied to China's Ministry of State Security. The group is known not only for targeting U.S. organizations in the utilities sector, but also diplomatic organizations in the Middle East and Africa. READ MORE...
EmoCheck now detects new 64-bit versions of Emotet malware
The Japan CERT has released a new version of its EmoCheck utility to detect the new 64-bit versions of the Emotet malware that began infecting users this month. Emotet is one of the most actively distributed malware families, spread through phishing emails with malicious attachments, including Word/Excel documents, Windows shortcuts, ISO files, and password-protected zip files. READ MORE...
Onyx ransomware destroys files, and also the criminal circle of trust
Some ransomware authors seem to be whittling down their tenuous "circle of trust" style agreement with victims even further. Word has spread of an Onyx ransomware operation (a variant of Chaos ransomware) which is quite a bit more destructive than those impacted would be hoping for. However, all is not quite what it seems in terms of intent. The ransomware in question overwrites files larger than just 2MB. Anything important is lost to the void forever. READ MORE...
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
The pictures show neatly trimmed fiber optic cables dug up from underground behind what appears to be a well-hidden grate. The apparent simplicity of the sabotage is all the more harrowing in light of how extensively it disrupted Internet service in France, experts said. A day after what French telecom companies are calling a large-scale coordinated attack which destroyed a large number of fiber optic cables powering the French internet, authorities there are investigating the attacks as a criminal act. READ MORE...
Critical vulnerabilities open Synology, QNAP NAS devices to attack
Users of Synology and QNAP network-attached storage (NAS) devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol (AFP) that allows Unix-like operating systems to act as file servers for Macs. There is no indication that the vulnerabilities are currently being exploited by attackers in the wild, but until patches are made available, users should implement the mitigations delineated by the companies. READ MORE...
Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability
Rapid7 security researchers have identified 2,000 internet-exposed Linux servers that appear to be impacted by a Redis vulnerability that has been exploited in attacks. Tracked as CVE-2022-0543, the security hole has a CVSS score of 10 and is described as insufficient sanitization in Lua. While Redis statically links the Lua library, some Debian/Ubuntu packages dynamically link it, leading to a sandbox escape that can be exploited to achieve remote code execution. READ MORE...
- ...in 1429, a military convoy led by Joan of Arc arrives in Orléans, France to relieve the six-month-long siege.
- ...in 1951, professional racing driver Dale Earnhardt is born in Kannapolis, NC.
- ...in 1970, actress Uma Thurman ("Kill Bill", "Dangerous Liaisons") is born in Boston, MA.
- ...in 1980, English film director Alfred Hitchcock ("Psycho", "North by Northwest") passes away in his home in Los Angeles, CA.